Windows Firewall Demo Part 1

00:00

Hey, everybody. My name is Peter Simple own. And this is the network Security course.

00:05

This is going to be module six. Lesson three.

00:10

Prerequisites for this course have been modules one through five. And the 1st 2 modules are the 1st 2 lessons rather off module six. In the 1st 2 lessons, we took a look at computer protection components and network protection components.

00:31

In this lesson, we're going to learn all about the Windows Host firewall. Now, this is actually going to be a demo lesson, and this is going to be a two part lesson. So in the first part, we're gonna look at the Windows host firewall and the layout and where everything is and had access it and operated.

00:50

And then in the second part, we're going to create a policy or two

00:54

that could be applied for the host fireable.

00:58

All right, here we are, everybody. We are now inside the Windows computer. I've remote ID into a computer in my home lab here, and we are going to start so Windows firewall windows far walls are software based firewalls

01:17

natural because they come built inside the computer

01:19

and they can be accessed by coming down here to the control panel.

01:23

You can come up here

01:26

to control panel and then you want to go to the system and security tab up here at the top left

01:33

and then from there. Once you're in here,

01:36

you can access all of your system options and security options, and then you can get to the windows firewall.

01:42

So this is the windows far wall layout section. So as you can see here, there are two different types off windows far walls that I'm currently have going right now. So normally, all of all the options when his offers, Windows usually offers three

02:01

the home or private network firewall, the Public Network firewall. And then there's another one, which is known as the Domain Firewall. Now, I am not currently attached to any domain at the moment into that walk. That's why this firewall it does not appear. But this These are the two far walls

02:20

that I have going. As you can see, one is connected, but one is not so. The network I am currently on is considered to be a public network, so the public firewall is the one that is on right now.

02:34

So if you just want to take a quick glance at these, you can see that the state is on. You can also tell that it's on because of the green.

02:42

And then you can see incoming connections block all connections to programs that are not on the allowed A list of programs. And you can see I'm connected to network to

02:52

same thing appear at the top.

02:54

And so the first thing that we want to do

02:59

is show you had to turn it on or turn it off. Get over here. You turn it on.

03:05

And then from here, you can turn off the windows firewall just by clicking this radio button here

03:10

so you can do that with either one. And then obviously, if you hit okay, then it throws an error and says, Hey, you know, like, What are you doing? You know, turn your firewall back on. And as you can see, you have the little Red X in shield, which shows that the firewall is not currently turned on.

03:30

So normally we want trying to leave these on as much as possible. The only time we would really

03:36

might want to disable the firewall as if it is starting to interfere with how the network Far Wall would work. Sometimes the network firewall is the main one, and then sometimes the Windows far wall can interfere with the network firewall, depending on the type of network firewall that you have.

03:55

So that's one of the reasons why you may or may not want to have that on

04:00

so that we have here. So let's talk about letting a couple things in through the firewall. We can allow a program or feature to win this firewall by clicking appear, and these are programs that are running on this computer specifically.

04:17

So you see, we have some of the bond sure and Apple push services.

04:21

We have a couple of CYBERLINK programs that are running.

04:26

We have some McAfee stuff. We have network discovery, some nova pdf, and so these. These are different programs and services that are running on the computer that need access to get through the firewall.

04:38

Now you can restrict this access if you need to buy simply on checking this box and then that unchecked the two boxes right here for the private and public firewalls

04:50

now say, for example, if you wanted, Maybe have the service working on the whom fire all the private one, but not the public one. You can just check off that box right there and you can leave this one as is. It really depends on what you want to be doing.

05:12

So we can also come down to some of the advanced settings with the far wall

05:17

and we can see here this kind of gives you a overview off the different profile. So we have the window of private and we have the public. This is the one that is currently active, and it's currently the one that's being used and now have become here. Teoh the inbound rules.

05:36

We can see all the inbound rules and outbound rules

05:40

that are currently associated with this firewall.

05:44

So inbound rules are rules that get applied every time. There is an incoming connection that comes from the Internet, it into the computer so we can see that these are all things that want to that might need access to come into the computer. The outbound rules are

06:02

fairly similar. This is everything that is going out of the firewall from the computer.

06:09

So if you see here you can see that some of these have the green check mark. That means these are enabled

06:15

and some of them do not. Some of these are been great out. These are rules that have not been enabled.

06:23

Easy way to read. This is You can look at the name and then you can come over to the group. If there is a group, there's not always a group, and then you can look at the profile. So this Apple push service applies to all the profiles, which is the public private

06:41

and the domain. Whereas silver my apply on Lee to specific ones,

06:46

you can see whether the rule is applied, whether it's enabled or not, and you can see what the action is.

06:56

You can see if there is an override if need be, and then you can kind of look at some of the

07:02

You look at where these programs are running from coming in and out,

07:09

and then you can look at the source and destination addresses, depending on

07:15

what you might want to dio what you might want to filter on. And then you can also filter by the port. What what The ports running, whether it be TCP or UDP or any of

07:29

I'm sorry, any of the protocols, TCP or UDP or any of the ports. You can also specify who was allowed

07:35

and who is not. This is essentially the access control list, but we talked about were incoming and outgoing. Traffic from the firewall comes in.

07:46

It checks this access control list. And if there, if it's allowed to get in. If it's allowed to go into the computer than it has to pass this access control list now, say there's something that comes in that doesn't match any of the rules on the access control US, then it will be denied the

08:03

usually with firewalls there is the default deny where if it doesn't match any of the rules, it will just be

08:09

do not you have to explicitly allow things in,

08:15

and it works the same way with the outbound rules as well.

08:20

So if we come down here to monitoring,

08:22

we can see that your profiles we can see that the public want is active,

08:28

and we could take a look at some of the general settings and the logging settings. Walking settings keep track off what happened with the firewall when in connections we could so we could go back and take a look to see if something was allowed through or something was not allowed through on the log file, for that is right here.

08:48

So this is an example. Off the log fall, you can see some of these

08:52

came from October 18th at 10 42 and you could see it was loud. It went from

09:01

be

09:01

It's That's nation I P address or the source I P address, which happens to be I p of this computer. And it went out to here

09:09

and it went out on these ports Port 443 which is https, and we can see that it was outgoing because it was sent. These are the fields up here that you can see what's going on.